[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] windows: Is it better to run condor as user or useVM1_USER etc...

> As the subject says, I'm wondering which is better: Using the config
option VMx_USER,
> or running the service as whatever user I'd need.

Right, so here's the problem I encountered when trying to run the
condor_master service as any account other than SYSTEM on Windows. The
condor_master process had all kinds of trouble spawning and managing the
sub-threads for jobs because even a user account set as a local
Administrator on a machine doesn't have nearly the local permission
level that the local SYSTEM account does. It was an exercise in pain so
we switched to using the VMx_USER approach to run each condor_starter as
a specific domain account.

> 11/1 10:41:20 Child 1636 died, but not a daemon -- Ignored

Yea, that not usually a message worth paying attention to. You'll see
that on all Condor installs regardless of what user the daemons are
running as.

> Running condor as the system account I've never noticed this issue,
> this opens another can of worms for me that I'd rather not mess with
if I
> don't have to.

It's the achilles heel of Windows-as-a-server: how do you run a daemon
on a machine that can access network shares but is still all powerful on
the local machine? Basically, you can't do this without making some
concessions. The concessions we've made at Altera are keeping a
wide-open, read-only share for Condor configuration files (so that a
damon run as SYSTEM can read it's configuration from a UNC path). And
then we use the VMx_USER settings so we don't have to worry about
synchronizing user password changes with the condor_credd server.

We're seriously looking at VM Ware to make this daemon/permisison
headache a thing of the past. We'll run Linux on our entire farm and
Windows jobs will get run under VMs. We're still a ways off implementing
this but it's a promising solution to the Windows "server" management
headache we deal with now and all the hoop jumping we do to make the
pool easy to administer.

- Ian

Confidentiality Notice.  This message may contain information that is confidential or otherwise protected from disclosure.
If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution, 
or copying of this message, or any attachments, is strictly prohibited.  If you have received this message in error, 
please advise the sender by reply e-mail, and delete the message and any attachments.  Thank you.